Palo Alto Networks Accredited Systems Engineer (PSE): Endpoint Associate Accreditation Exam


Question 1. Which three file types can be sent by Traps to WildFire for malware analysis? (Choose three.)
A. Adobe Flash files
B. Excel and Word documents containing macros
C. any executable file
D. Mach-O files (Mach-o) for macOS
Answer: B,C,D

Question 2. An independent analysis of Traps concluded that Traps meets the requirements for which two regulatory compliances? (Choose two.)
A. GLBA
B. HIPAA/HITECH
C. Sarbanes Oxley
D. PCI-DSS
Answer: B,D

Question 3. What does the term “Service Protection” mean?
A. A specified process is protected.
B. The Traps agent is tamper-proof.
C. One Traps Management Server can take over for another.
D. The process running on a Windows Server system is protected.
Answer: B

Question 4. True or false? Traps can be positioned as a replacement for traditional antivirus.
A. True
B. False
Answer: A

Question 5. Which statement is true regarding scanning in the TMS?
A. It is supported by all agent types.
B. It is a protection and prevention feature.
C. It supports macOS endpoints only.
D. It helps companies obtain regulatory compliance.
Answer: D

Question 6. True or false? WildFire detects malware using both static analysis and dynamic analysis mechanisms.
A. True
B. False
Answer: A

Question 7. Which of the following capabilities exceeds the expectations of a PSE Endpoint Associate?
A. defend Traps against the competition
B. design a Traps solution
C. sell the Traps product to a technical audience
D. demonstrate the Traps product
E. deploy Traps solutions in a customer environment
Answer: E

Question 8. Which activity should not be highlighted during a Traps demonstration?
A. disabling or deleting the Traps agent
B. exploit technique prevention by Traps EPMs
C. viewing prevention events in the Traps management service web interface
D. Traps multi-method prevention of malware
Answer: A

Question 9. True or false? Traps Local Analysis capability is based on a signature database maintained on the endpoint system and regularly updated by WildFire.
A. True
B. False
Answer: B

Question 10. Which statement is true regarding Traps process protection?
A. Traps protects more than 100 different Windows Processes and more than 50 different Mac processes. Additional processes can be protected based on administrative configuration and settings tuned to the customer’s production environment.
B. Traps protects no processes by default. All processes to be protected must be defined by an administrator.
C. By default, Traps protects every process running on an endpoint.
D. Traps protects more than 100 different Windows Processes and more than 50 different Mac processes. No additional processes can be protected.
Answer: A

Question 11. Which statement is true regarding the Traps Quarantine function?
A. Traps moves malware from the local folder or removable hard drive to the TMS Quarantine folder.
B. File restoration can be enabled by the Traps Agent Console.
C. Traps moves malware from the local folder or removable hard drive to the TMS
D. Traps moves malware from the local folder or removable hard drive to a local Quarantine folder.
Answer: D

Question 12. Which endpoint solution type most accurately describes Traps?
A. Endpoint Management Solution
B. Remediation Solution
C. Detection and Response Solution
D. Prevention Solution
Answer: D

Question 13. A user receives an email with an attached data file containing an exploit. Which statement is true in this situation?
A. The exploit can do damage only if it downloads a piece of malware.
B. The exploit can work only if it begins with a buffer overflow.
C. The exploit could be launched merely by previewing the attachment.
D. The exploit can work only if the corresponding application is installed on the attacker’s system.
Answer: C

Question 14. Content updates do not include which item?
A. new EPMs
B. updates to the Local Analysis model
C. new default policy rules
D. new trusted publishers
Answer: A

Question 15. How does an EPM prevent an exploit attack?
A. by using trusted signers
B. by using local static analysis
C. by focusing on exploit techniques
D. by focusing on software patching
Answer: C

Question 16. Which two attack vector locations can Traps protect? (Choose two.)
A. branch office firewall
B. internet perimeter firewall
C. data center servers
D. end-user workstations
Answer: C,D

Question 17. Which option is a Traps key differentiator?
A. on-demand protection
B. multi-method prevention
C. automatic conversion of prevention to threat intelligence
D. ongoing background scanning for complete protection
Answer: B

Question 18. What is the HTTP address for the Cortex Hub?
A. https://csp.paloaltonetworks.com
B. https://apps.paloaltonetworks.com
C. https://portal.paloaltonetworks.com
D. https://services.paloaltonetworks.com
Answer: B

Question 19. Which two statements describe characteristics of malware executable files? (Choose two.)
A. It relies on a legitimate application reading it.
B. It can take the form of executable code or scripts.
C. It has malicious intent, acting against the interest of the computer user.
D. It is contained in an application data file such as a PDF, JPEG, or HTML file.
Answer: B,C

Question 20. True or false? Traps must be sold in conjunction with Palo Alto Networks next-generation firewall products and cannot be sold separately.
A. True
B. False
Answer: B

Question 21. Which three options are Traps differentiators? (Choose three.)
A. persistent protection
B. multi-method prevention
C. automatic conversion of threat intelligence into prevention
D. proactive patching for servers and endpoints
Answer: A,B,C

Question 22. How many exploit techniques must be prevented to stop a successful attack?
A. 1
B. 2
C. 3
D. all of the techniques
Answer: A

Question 23. When an executable is being evaluated by a Traps malware prevention process, what are restriction rules used for?
A. restrict which administrators can set policies
B. restrict where and how users can run executable files
C. restrict which processes will be protected by EPMs
D. restrict the information displayed to users when the Traps agent blocks an exploit
Answer: B

Question 24. When a security event occurs, which Traps component captures forensic information about the event?
A. Traps agent
B. NGFW Database
C. Traps Management Server
D. Traps Management Server Console
Answer: A

Question 25. What does Traps use to stop an exploit technique?
A. exploit protection modules (EPMs)
B. malware protection modules (MPMs)
C. memory corruption
D. logic flaws
Answer: A

Question 26. Which three file types can Traps send to WildFire for analysis? (Choose three.)
A. Portable Executable files (PEs)
B. Windows PowerShell scripts
C. Mach-O files
D. Microsoft Office files containing macros
Answer: A,C,D

Question 27. True or false? An executable’s hash verdict from WildFire can be overridden to mark the hash as Malicious or Benign for the local domain.
A. True
B. False
Answer: A

Question 28. Which statement is true about malware verdicts?
A. Local Analysis verdicts take precedence over WildFire verdicts.
B. The end user can use the Traps console to override a verdict of Malicious.
C. If WildFire is not available when TMS tries to reach it for a verdict on a file, the endpoint will get a verdict from Local Analysis.
D. If TMS is not available when the Traps agent tries to reach it for a verdict on a file, the file status is marked as Benign.
Answer: C

Question 29. Which statement is true about advanced cyberthreats?
A. Zero-day attacks are unstoppable.
B. Protection against zero-day attacks is impractical.
C. A zero-day vulnerability is defined as a security flaw of which the vulnerable product’s vendor has no prior awareness.
D. A zero-day vulnerability is defined as a security flaw of which the vulnerable product’s customers have no prior awareness.
Answer: C

Question 30. How does Traps complement Palo Alto Networks perimeter protection?
A. Information about threats is uploaded into Traps agents.
B. Traps endpoints send signatures about threats directly to Palo Alto Networks firewalls.
C. Endpoints sometimes are operated by their users outside the corporate network perimeter.
D. ESM Servers send hashes of files directly to Palo Alto Networks firewalls.
Answer: C

Question 31. Which licenses or subscriptions are required for a Traps deployment?
A. perpetual TMS license
B. one license for all endpoints to be protected (workstations, servers, and VDI)
C. separate licenses for workstations, servers, and VDI
D. WildFire subscription
Answer: B

Question 32. In the Traps management service, which exception type is not valid?
A. Administrator Exception
B. Hash Exception
C. Process Exception
D. Support Exception
Answer: A

Question 33. Which statement is true about the malware protection flow?
A. A trusted signed file is locally exempt from WildFire analysis and Local Analysis.
B. Administrative hash control is evaluated after local static analysis.
C. Child process MPM policy is the last step of the malware protection flow.
D. Local static analysis occurs before a WildFire verdict check.
Answer: A

Question 34. Which statement is true about Local Analysis?
A. Traps endpoint agent software builds a Local Analysis model based on the executables it detects.
B. Local Analysis is called whenever an executable file would otherwise get an Unknown or No Connection verdict.
C. Palo Alto Networks uses large data sets to create Local Analysis.
D. Local Analysis is called to validate all verdicts on executable files, even when a WildFire verdict exists.
Answer: B

Question 35. To which two locations can Traps forward logs? (Choose two.)
A. SNMP Trap
B. Panorama
C. next-generation firewall
D. syslog server
E. FTP server
Answer: B,D

Question 36. Which statement is true about file hashes?
A. Each day WildFire automatically updates the TMS cache with hashes of files known from other customers.
B. TMS sends hashes of PDF files to WildFire.
C. The Traps agent caches the hashes of executable files for which it has verdicts.
D. TMS sends hashes of PDF files and MS Office files to the local cache folder.
Answer: C

Question 37. Which statement is true regarding Traps Execution Restrictions?
A. They limit the attack surface of an endpoint by defining where and how users can run executable files.
B. They are used to blacklist or whitelist files for further MPM processing.
C. They are included in regular content updates.
D. They are used to specify which EPMs will be applied to a given process.
Answer: A
